Summary and knowledge check


In this module, you learned about how Microsoft 365 procures, monitors, and manages subprocessors to help protect data from unauthorized access and inappropriate use.

Now that you have completed this module, you should be able to:

  • Explain how the Supplier Security and Privacy Assurance (SSPA) program helps Microsoft online services protect customer data and personal data.
  • List the types of subprocessors utilized by Microsoft and the access controls employed by each type.
  • Describe how Microsoft 365's additional subprocessor requirements limit the number of approved subprocessors and provides notice to customers when new subprocessors are approved.
  • List subprocessor onboarding and ongoing subprocessor verification requirements required by the SSPA program.
  • Describe Microsoft commitments to protecting customer data and personal data when a supplier contract ends.

Check your knowledge


What type of subprocessor is used to deliver services to help support, operate, and maintain Microsoft Online Services?


Which statement about Microsoft 365 subprocessor monitoring is accurate?


At the end of an engagement with Microsoft, how long does the subprocessor have to completely return or destroy all data?